Robust anomaly-based intrusion detection system for in-vehicle network by graph neural network framework

Xiao, Junchao; Yang, Lin; Zhong, Fuli; Chen, Hongbo; Li, Xiangxue

doi:10.1007/s10489-022-03412-8

Cited by 15 publications

(3 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DL methods have also been explored for detecting attacks in in-vehicle network traffic [28]. Song et al [10] presented a deep convolutional neural network (CNN) based approach for detecting attacks in CAN traffic, which reported high attack detection accuracy.…”

Section: Related Workmentioning

confidence: 99%

Enhanced Intrusion Detection in In-Vehicle Networks Using Advanced Feature Fusion and Stacking-Enriched Learning

Altalbe

2024

IEEE Access

View full text Add to dashboard Cite

Modern vehicles rely heavily on interconnected electronic control units (ECUs) through invehicle networks to perform crucial functions such as braking and monitoring engine RPMs. However, the increased number of ECUs and their connectivity to the in-vehicle network poses a security risk due to the lack of encryption and authentication protocols such as the controller area network (CAN). To address this problem, machine learning (ML) based intrusion detection systems (IDSs) have been proposed. However, existing IDSs suffer from low detection accuracy, limited real-time response, and high resource requirements. This study proposes an accurate and low-complexity IDS for in-vehicle networks based on feature fusion and ensemble learning called the Feature Fusion and Stacking-based IDS (FFS-IDS). FFS-IDS fuses multiple features extracted from raw network traffic and then classifies traffic instances into intrusive and nonintrusive categories using a stacking ensemble learning of basic machine learning classifiers. Specifically, a decision tree is employed as a base classifier, and random forest is used as a meta-learner. This work implements and validates the FFS-IDS using real-time car hacking data sets and achieves better performance than individual decision tree classifiers and popular ensemble learning methods such as Random Forest, LightGBM, AdaBoost, and ExtraTree algorithms. The results demonstrate that FFS-IDS can detect Denial of Service (DoS), Gear spoofing, and RPM spoofing attacks with up to 99% accuracy and Fuzzy attacks with up to 97.5% accuracy using benchmark datasets. Overall, this study shows the effectiveness and practicality of FFS-IDS in detecting intrusions in in-vehicle networks, which is essential for ensuring the cybersecurity and safety of modern vehicles. Future work in this area could involve exploring additional feature extraction techniques and fine-tuning hyperparameters to improve the performance of IDSs further.

show abstract

Section: Related Workmentioning

confidence: 99%

Enhanced Intrusion Detection in In-Vehicle Networks Using Advanced Feature Fusion and Stacking-Enriched Learning

Altalbe

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Anomal-E [14] adopts a self-supervised approach combining edge features and graph topology to detect network intrusions and anomalies. Xiao et al [15] constructed a control area network graph attention network model that improves anomaly detection accuracy by capturing correlations among different flow byte states. Through network embedding feature representations, Zhang et al [16] proposed a GNN-based intrusion detection framework that can handle high-dimensional redundant but imbalanced and rare labeled data in industrial Internet-of-Things, distinguishing between cyber-attacks and physical failures.…”

Section: Challenging Issues and Related Workmentioning

confidence: 99%

Blockchain-Assisted Cross-silo Graph Federated Learning for Network Intrusion Detection

Shen,

Zhou,

Wang

et al. 2023

Preprint

View full text Add to dashboard Cite

In this paper, a blockchain-assisted cross-silo graph federated learning (B-CGFL) framework is presented for large-scale network intrusion detection, aiming to break down barriers among different organizations and achieve a secure and transparent multi-party collaboration ecosystem. The network scenario is divided into multiple regions. Organizations in each region leverage graph neural networks to analyze local network flow topology information and identify traffic types accurately. With cross-silo graph federated learning, coordinators and organizations collaboratively complete the training and updating of global intrusion detection models. Multiple coordinators jointly maintain a chain to improve the global model’s scalability and storage security. Oracle nodes bridge the off-chain data provider and on-chain smart contracts, enabling secure transmission in off-chain model accuracy testing. For fair competition, a reputation-aware model incentive mechanism is designed to improve global model quality. Security analysis confirms that B-CGFL can defend against inference attacks, model plagiarism, and tampering with model test results. Experiments on three challenging datasets ToN-IoT, CSE-CIC-IDS2018, and BoT-IoT demonstrate that compared with benchmark machine learning methods, B-CGFL exhibits superior performance in accuracy and F1-score and facilitates model quality improvement.

show abstract

“…Unlike classification-based IDSs, anomaly-based IDSs can detect unknown or novel attacks that have not been previously seen. However apart from this advantage, these models cannot easily specify the type of attack and perform worse than classification approaches for known data types [26][27][28].…”

Section: Introductionmentioning

confidence: 99%

Deep Learning for Intrusion Detection Systems (IDSs) in Time Series Data

Psychogyios,

Papadakis,

Bourou

et al. 2024

Future Internet

View full text Add to dashboard Cite

The advent of computer networks and the internet has drastically altered the means by which we share information and interact with each other. However, this technological advancement has also created opportunities for malevolent behavior, with individuals exploiting vulnerabilities to gain access to confidential data, obstruct activity, etc. To this end, intrusion detection systems (IDSs) are needed to filter malicious traffic and prevent common attacks. In the past, these systems relied on a fixed set of rules or comparisons with previous attacks. However, with the increased availability of computational power and data, machine learning has emerged as a promising solution for this task. While many systems now use this methodology in real-time for a reactive approach to mitigation, we explore the potential of configuring it as a proactive time series prediction. In this work, we delve into this possibility further. More specifically, we convert a classic IDS dataset to a time series format and use predictive models to forecast forthcoming malign packets. We propose a new architecture combining convolutional neural networks, long short-term memory networks, and attention. The findings indicate that our model performs strongly, exhibiting an F1 score and AUC that are within margins of 1% and 3%, respectively, when compared to conventional real-time detection. Also, our architecture achieves an ∼8% F1 score improvement compared to an LSTM (long short-term memory) model.

show abstract

Robust anomaly-based intrusion detection system for in-vehicle network by graph neural network framework

Cited by 15 publications

References 47 publications

Enhanced Intrusion Detection in In-Vehicle Networks Using Advanced Feature Fusion and Stacking-Enriched Learning

Enhanced Intrusion Detection in In-Vehicle Networks Using Advanced Feature Fusion and Stacking-Enriched Learning

Blockchain-Assisted Cross-silo Graph Federated Learning for Network Intrusion Detection

Deep Learning for Intrusion Detection Systems (IDSs) in Time Series Data

Contact Info

Product

Resources

About